CN107733838A - A kind of mobile terminal client terminal identity identifying method, device and system - Google Patents

Info

Publication number: CN107733838A
Authority: CN (China)
Prior art keywords: mobile terminal, user, random code, information, login
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201610658158.7A
Other languages: Chinese (zh)
Inventor: 周培权
Current Assignee: China Mobile Communications Group Co Ltd; China Mobile Group Anhui Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: China Mobile Communications Group Co Ltd; China Mobile Group Anhui Co Ltd
Application filed by: China Mobile Communications Group Co Ltd, China Mobile Group Anhui Co Ltd
Priority to: CN201610658158.7A
Publication: CN107733838A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846: Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a mobile terminal client identity authentication method, comprising: binding a user login account to a mobile terminal number. The method further comprises: after receiving a login request, verifying login information that includes the user login account and password; after the verification passes, obtaining the mobile terminal number bound to the user login account; detecting whether a message whose content is a random code has been received from that mobile terminal number; and determining, according to the detection result, whether to allow the user to log in, wherein the random code is generated according to the login information. The invention also discloses a mobile terminal client identity authentication device and system.

Description

A mobile terminal client identity authentication method, device and system

Technical field

The invention relates to business support and information security management technology in the communication field, and in particular to a mobile terminal client identity authentication method, device and system.

Background art

In recent years, with the rapid development of mobile Internet technology, mobile terminal applications such as mobile phone apps have become increasingly common in work and daily life. At present, the vast majority of mobile phone applications log users in with a static password combined with a dynamic verification code. However, the dynamic verification code approach is neither very secure nor very convenient, so secure verification of user information is particularly important.

To protect user information, several patent documents have proposed solutions. For example, patent No. 200910236953.7 discloses a mobile terminal user authentication method and system in which an authentication serial number group is set for the authenticated user account and for the mobile terminal user's mobile phone number respectively; during authentication, the authentication serial numbers corresponding to the user account and the phone number are compared, thereby achieving user authentication and subsequent authentication. Patent No. 201110092438.3 discloses a mobile banking client information authentication method, system and mobile terminal, including: establishing binding relationships between the phone's subscriber identity module (SIM) card information, the phone's hardware information and the registered mobile banking customer information, and judging whether the SIM card information and hardware information of the phone used to log in match the SIM card information and hardware information in the corresponding binding relationship; if so, login information verification passes, otherwise it fails. Patent No. 201210417594.7 discloses a method for user identity authentication when registering with and/or logging in to a network application, including: the application system sends an invitation SMS containing an invitation code to the invitee's mobile phone number; when logging in to or registering with the application system, the invitee enters their own mobile phone number and the invitation code; the application system judges whether the phone number and invitation code are correct, allowing login or registration if they are and refusing it if they are not.

However, although the existing user authentication methods above can solve the problem of user information security to a certain extent, they still have the following defects:

1) Patent No. 200910236953.7 uses an account and password for authentication, which leaves security holes such as forged signatures and password cracking;

2) Patent No. 201110092438.3 requires binding to the hardware information of the user's phone, which gives poor portability and insufficient convenience, and the user must re-register after changing the terminal or SIM card; in addition, the hardware information may be cracked or tampered with by others, which poses a certain security risk;

3) In patent No. 201210417594.7 the user must enter the issued invitation code, which is cumbersome and time-consuming; moreover, the issued invitation code is easily intercepted by others through other channels, which reduces system security.

Summary of the invention

In view of this, the embodiments of the present invention aim to provide a mobile terminal client identity authentication method, device and system that reduce the number of user operation steps, shorten authentication time and improve the user experience while keeping user information secure.

To achieve the above object, the technical solution of the embodiments of the present invention is implemented as follows:

An embodiment of the present invention provides a mobile terminal client identity authentication method in which a user login account is bound to a mobile terminal number; the method further includes:

After receiving a login request, verifying the login information, which includes the user login account and password, and, after the verification passes, obtaining the mobile terminal number bound to the user login account;

Detecting whether a message whose content is a random code has been received from the mobile terminal number, and determining according to the detection result whether to allow the user to log in;

Wherein the random code is generated according to the login information.

In the above solution, the random code is generated by the mobile terminal client according to the login information entered by the user;

After the random code is generated, the method further includes: the mobile terminal client sends a login request whose content is the user login account and password to the server, and sends an information request whose content is the random code to a third-party device; the third-party device responds to the information request and notifies the mobile terminal client to send the message whose content is the random code to the server.

In the above solution, generating the random code includes: using a digital signature algorithm (DSA, Digital Signature Algorithm) to generate the random code, wherein the DSA is at least one of the asymmetric encryption algorithms.

In the above solution, determining whether to allow the user to log in according to the detection result includes:

Monitoring, on the third-party device, whether there is a message whose content is the random code sent from the mobile terminal number bound to the user login account; if so, the monitoring result is fed back to the mobile terminal client, the user's identity authentication is determined to have passed, and the user is allowed to log in; otherwise, the monitoring result is fed back to the mobile terminal client, the user's identity authentication is determined to have failed, and the user is not allowed to log in.

An embodiment of the present invention provides a mobile terminal client identity authentication device, the device including: an account number binding unit, a login information verification unit, a binding number acquisition unit, a random code information detection unit and a user login determination unit; wherein,

The account number binding unit is configured to bind the user login account to the mobile terminal number;

The login information verification unit is configured to verify, after a login request is received, the login information that includes the user login account and password;

The binding number acquisition unit is configured to obtain the mobile terminal number bound to the user login account after the login information verification unit's verification passes;

The random code information detection unit is configured to detect whether a message whose content is a random code has been received from the mobile terminal number;

The user login determination unit is configured to determine whether to allow the user to log in according to the detection result of the random code information detection unit;

Wherein the random code is generated according to the login information.

In the above solution, the device further includes: a random code generation unit, a login request sending unit and a random code information sending unit; wherein,

The random code generation unit is configured to have the mobile terminal client generate the random code according to the login information entered by the user;

The login request sending unit is configured to have the mobile terminal client send a login request whose content is the user login account and password to the server after the random code generation unit generates the random code;

The random code information sending unit is configured to send an information request whose content is the random code to a third-party device after the random code generation unit generates the random code; the third-party device responds to the information request and notifies the mobile terminal client to send the message whose content is the random code to the server.

In the above solution, the random code generation unit is specifically configured to: use DSA to generate the random code, wherein the DSA is at least one of the asymmetric encryption algorithms.

In the above solution, the user login determination unit is specifically configured to:

Monitor, on the third-party device, whether there is a message whose content is the random code sent from the mobile terminal number bound to the user login account; if so, feed the monitoring result back to the mobile terminal client, determine that the user's identity authentication has passed, and allow the user to log in; otherwise, feed the monitoring result back to the mobile terminal client, determine that the user's identity authentication has failed, and not allow the user to log in.

An embodiment of the present invention also provides a mobile terminal client identity authentication system, the system including: a mobile terminal client, a server and a third-party device; wherein,

The mobile terminal client is configured to generate a random code according to the login information entered by the user; it is also configured to send a login request whose content is the user login account and password to the server, and to send an information request whose content is the random code to the third-party device;

The server is configured to bind the user login account to the mobile terminal number; after receiving a login request, to verify the login information that includes the user login account and password and, after the verification passes, to obtain the mobile terminal number bound to the user login account; and to detect whether the third-party device has received a message whose content is the random code from the mobile terminal number, and determine according to the detection result whether to allow the user to log in;

The third-party device is configured to respond to the information request and notify the mobile terminal client to send the message whose content is the random code to the server.

In the above solution, the mobile terminal client is specifically configured to: use DSA to generate the random code, wherein the DSA is at least one of the asymmetric encryption algorithms.

The mobile terminal client identity authentication method, device and system provided by the embodiments of the present invention bind the user login account to the mobile terminal number; after receiving a login request, verify the login information that includes the user login account and password; after the verification passes, obtain the mobile terminal number bound to the user login account; detect whether a message whose content is a random code has been received from the mobile terminal number; and determine according to the detection result whether to allow the user to log in, wherein the random code is generated according to the login information. The embodiments of the present invention only need to establish a binding relationship between the mobile terminal number and the user login account, which improves the portability and ease of use of the mobile terminal client application. In addition, the mobile terminal client identity authentication steps combine static verification and dynamic verification, that is, double authentication. This not only ensures that the mobile terminal client the user logs in from is the same as the mobile terminal client that uses the mobile terminal number bound by the user, but also addresses security holes such as forged signatures and password cracking, greatly improving the security of user information.

Furthermore, the embodiments of the present invention do not require the user to receive an invitation code: the back-end gateway can complete authentication of the user's login identity automatically and intelligently through the third-party device, which reduces user operation steps, shortens authentication time and gives the user a better experience.

Brief description of the drawings

FIG. 1 is a schematic flowchart of the mobile terminal client identity authentication method according to an embodiment of the present invention;

FIG. 2 is a schematic flowchart of a specific implementation of the mobile terminal client identity authentication method according to an embodiment of the present invention;

FIG. 3 is a schematic diagram of the structure of the mobile terminal client identity authentication device according to an embodiment of the present invention;

FIG. 4 is a schematic diagram of the structure of the mobile terminal client identity authentication system according to an embodiment of the present invention.

Detailed description

So that the features and technical content of the embodiments of the present invention can be understood in more detail, their implementation is described in detail below with reference to the accompanying drawings. The drawings are for reference and illustration only and are not intended to limit the present invention.

As shown in FIG. 1, the implementation flow of the mobile terminal client identity authentication method in the embodiment of the present invention includes the following steps:

Step 101: Bind the user login account to the mobile terminal number;

Here, the user login account may be a user name, a personal e-mail address and so on; it may also be the integrated circuit card identifier (ICCID, Integrated Circuit Card Identity) or international mobile subscriber identity (IMSI, International Mobile Subscriber Identification Number) of a universal subscriber identity module (USIM, Universal Subscriber Identity Module), or the international mobile equipment identity (IMEI, International Mobile Equipment Identity), also called the mobile terminal serial number, and so on, which is used to uniquely identify a mobile subscriber in a mobile communication network.

Step 102: After receiving a login request, verify the login information that includes the user login account and password, and, after the verification passes, obtain the mobile terminal number bound to the user login account;

Here, verifying the login information that includes the user login account and password specifically includes:

Matching the login account and password entered by the user against the login account and password stored in advance in the database; if they match, the login information verification passes; otherwise, the login information verification fails.

It should be noted that the method used in this step to verify the legitimacy of the user login account and password is static verification.

Step 103: Detect whether a message whose content is a random code has been received from the mobile terminal number, and determine according to the detection result whether to allow the user to log in; wherein the random code is generated according to the login information.

Specifically, the random code is generated by the mobile terminal client according to the login information entered by the user.

After the random code is generated, the method further includes: the mobile terminal client sends a login request whose content is the user login account and password to the server, and sends an information request whose content is the random code to a third-party device; the third-party device responds to the information request and notifies the mobile terminal client to send the message whose content is the random code to the server.

Here, generating the random code includes: using DSA to generate the random code. DSA is generally used for digital signatures and authentication and is at least one of the asymmetric encryption algorithms; the security of DSA is based on the discrete logarithm problem over an integer finite field, and for the same key length the security of DSA is comparable to that of the RSA encryption algorithm. In DSA digital signing and authentication, the sender signs a file or message with its own private key; after receiving the message, the recipient uses the sender's public key to verify the authenticity of the signature.

The random code is the content of a message sent from the mobile terminal number that is carried by the terminal running the mobile terminal client and is bound to the user login account. The message may be sent as an SMS by invoking the SMS gateway sending service of the mobile terminal, such as a mobile phone; as an MMS by invoking a multimedia gateway sending service; or as a WeChat message by invoking a WeChat gateway sending service, and so on; no specific limitation is made here. The random code can therefore be sent in more flexible forms in the embodiments of the present invention, giving users different experiences. This not only ensures that the mobile terminal client the user logs in from is the same as the mobile terminal client that uses the mobile terminal number bound by the user, but also addresses security holes such as forged signatures and password cracking.

How exactly DSA is used to generate the random code belongs to the prior art and is not described further here.

Here, determining whether to allow the user to log in according to the detection result specifically includes:

Monitoring, on the third-party device, whether there is a message whose content is the random code sent from the mobile terminal number bound to the user login account; if so, the monitoring result is fed back to the mobile terminal client, the user's identity authentication is determined to have passed, and the user is allowed to log in; otherwise, the monitoring result is fed back to the mobile terminal client, the user's identity authentication is determined to have failed, and the user is not allowed to log in.

It should be noted that the method used in this step, detecting whether the third-party device has received a message whose content is the random code from the mobile terminal number, is dynamic verification. By combining static verification and dynamic verification, that is, by using double authentication, the invention completes authentication of the mobile terminal client user's login identity automatically, without the mobile terminal client having to receive an invitation code, which reduces the user's operation steps, shortens authentication time and improves the security of user information.

下面以手机客户端用户登录验证为例,结合图2,对本发明提供的移动终端客户端身份认证方法的具体实现过程作进一步详细介绍:Taking the mobile client client user login verification as an example below, in conjunction with Fig. 2, the specific implementation process of the mobile terminal client identity authentication method provided by the present invention is further introduced in detail:

本发明实施例的实现方案是由服务端与手机客户端两部分交互完成的。The implementation scheme of the embodiment of the present invention is completed by the interaction between the server and the mobile phone client.

如图2所示,本发明实施例中移动终端客户端身份认证方法的具体实现流程,包括以下步骤:As shown in Figure 2, the specific implementation process of the mobile terminal client identity authentication method in the embodiment of the present invention includes the following steps:

步骤201:在服务端预先将用户登录账号与手机号码Y进行绑定;Step 201: pre-binding the user login account with the mobile phone number Y on the server side;

Step 202: Using DSA, generate a unique random code X from the login account and password that the user enters in the mobile phone client;

Here, the random code X may be a random character string that includes any letters and/or digits from the user's login account and password.

Step 203: The client sends the user's login account, password and random code X to the server and submits a login request based on the login account and password; at the same time, the mobile phone client calls the phone's SMS gateway sending service and sends an SMS whose content is the random code X to the gateway's fixed port;

Here, the random code X is delivered as an SMS, sent from the mobile phone number Y that carries the mobile phone client, whose content is the random character string X.

Step 204: After receiving the login request, the server verifies the validity of the user's login account and password and, once verification passes, obtains the mobile phone number Y bound to the user's login account;

Here, verifying the validity of the user's login account and password specifically includes:

Matching the login account and password entered by the user against the login account and password stored in advance in the database. If they match, the login account and password entered by the user are valid and the login information verification passes; otherwise, the login account and password entered by the user are invalid and the login information verification fails.

Step 205: The server queries the database behind the SMS gateway for an uplink SMS sent by mobile phone number Y whose content is X;

Step 206: After the verification process ends, the server sends the identity verification result to the mobile phone client, and the mobile phone client confirms the legitimacy of the user's identity from the returned result to decide whether to allow the user to log in.

Specifically, if both the login information verification and the gateway SMS verification pass, the passing result is fed back to the mobile phone client, which allows the user to log in after receiving it; otherwise, the user is not allowed to log in.
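The server-side decision in steps 204 to 206, as an added example that is not code from the patent: the class, field and function names are hypothetical, and the in-memory inbox stands in for the SMS gateway's back-end database. The salted password hash, the 120-second freshness window and the single-use marking are assumptions the patent does not specify; the account, number and code values are constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: the patent only says the password is matched against the
    # stored one; keeping a salted PBKDF2 hash is this example's choice.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class UplinkSms:
    sender: str          # originating number as recorded by the gateway
    content: str         # message body, expected to be the random code X
    received_at: float   # gateway receive time, in seconds
    consumed: bool = False


@dataclass
class AuthServer:
    accounts: dict = field(default_factory=dict)       # account -> record
    gateway_inbox: list = field(default_factory=list)  # stand-in gateway DB
    max_age_s: float = 120.0  # assumption: the patent sets no time limit

    def bind(self, account, password, number):
        """Bind the login account to mobile number Y (done before any login)."""
        salt = os.urandom(16)
        self.accounts[account] = (salt, hash_password(password, salt), number)

    def verify_credentials(self, account, password):
        """Step 204: return the bound number Y, or None if the match fails."""
        record = self.accounts.get(account)
        if record is None:
            return None
        salt, stored, number = record
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return None
        return number

    def find_uplink(self, number, code, now):
        """Step 205: find a fresh, unused uplink SMS from Y whose content is X."""
        for sms in self.gateway_inbox:
            if sms.consumed or sms.sender != number:
                continue
            if not 0 <= now - sms.received_at <= self.max_age_s:
                continue
            if hmac.compare_digest(sms.content.encode(), code.encode()):
                return sms
        return None

    def login(self, account, password, code, now):
        """Steps 204-206: both checks must pass; returns (allowed, reason)."""
        number = self.verify_credentials(account, password)
        if number is None:
            return False, "login information verification failed"
        sms = self.find_uplink(number, code, now)
        if sms is None:
            return False, "no uplink SMS with this code from the bound number"
        sms.consumed = True  # assumption: one SMS authorizes one login only
        return True, "ok"


def demo():
    """Run constructed requests through the flow and collect the decisions."""
    bound, other = "+000000000001", "+000000000002"  # constructed numbers
    code = "X-7f3a91"                                # constructed code X
    server = AuthServer()
    server.bind("alice", "correct-horse", bound)
    out = {}
    # Valid password, but the gateway has no uplink SMS yet.
    out["no_sms"] = server.login("alice", "correct-horse", code, 1000.0)[0]
    # The right code arrives from a number that is not bound to the account.
    server.gateway_inbox.append(UplinkSms(other, code, 1001.0))
    out["wrong_sender"] = server.login("alice", "correct-horse", code, 1002.0)[0]
    # The bound number sends the code; a wrong password must still fail.
    server.gateway_inbox.append(UplinkSms(bound, code, 1003.0))
    out["bad_password"] = server.login("alice", "guess", code, 1004.0)[0]
    out["ok"] = server.login("alice", "correct-horse", code, 1005.0)[0]
    # Replaying the same request finds only the consumed SMS.
    out["replay"] = server.login("alice", "correct-horse", code, 1006.0)[0]
    # An SMS older than the freshness window is ignored.
    server.gateway_inbox.append(UplinkSms(bound, "X-old", 1000.0))
    out["stale"] = server.login("alice", "correct-horse", "X-old", 2000.0)[0]
    return out


if __name__ == "__main__":
    print(demo())
```
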

To implement the above method, an embodiment of the present invention further provides a mobile terminal client identity authentication apparatus. As shown in Figure 3, the apparatus includes an account number binding unit 301, a login information verification unit 302, a binding number acquisition unit 303, a random code information detection unit 304 and a user login determination unit 305, wherein:

The account number binding unit 301 is configured to bind the user's login account to a mobile terminal number;

The login information verification unit 302 is configured to verify, after a login request is received, the login information comprising the user's login account and password;

The binding number acquisition unit 303 is configured to obtain, after the login information verification unit 302 passes the verification, the mobile terminal number bound to the user's login account;

The random code information detection unit 304 is configured to detect whether information whose content is the random code, sent by the mobile terminal number, has been received;

The user login determination unit 305 is configured to determine, according to the detection result of the random code information detection unit 304, whether to allow the user to log in;

Here, the random code is generated from the login information.

The apparatus further includes a random code generation unit 306, a login request sending unit 307 and a random code information sending unit 308, wherein:

The random code generation unit 306 is configured so that the mobile terminal client generates the random code from the login information entered by the user;

The login request sending unit 307 is configured so that, after the random code generation unit 306 generates the random code, the mobile terminal client sends a login request whose content is the user's login account and password to the server;

The random code information sending unit 308 is configured to send, after the random code generation unit 306 generates the random code, an information request whose content is the random code to a third-party device; the third-party device responds to the information request and notifies the mobile terminal client to send information whose content is the random code to the server.

The random code generation unit 306 is specifically configured to use DSA to generate the random code, where the DSA is at least one of the asymmetric encryption algorithms.

The login information verification unit 302 is specifically configured to:

Match the login account and password entered by the user against the login account and password stored in advance in the database; if they match, the login information verification passes; otherwise, the login information verification fails.

The user login determination unit 305 is specifically configured to:

Monitor, on the third-party device, whether there is information whose content is the random code sent by the mobile terminal number bound to the user's login account; if so, feed the monitoring result back to the mobile terminal client, determine that the user's identity authentication has passed, and allow the user to log in; otherwise, feed the monitoring result back to the mobile terminal client, determine that the user's identity authentication has not passed, and do not allow the user to log in.

In practical applications, the account number binding unit 301, the login information verification unit 302, the binding number acquisition unit 303, the random code information detection unit 304 and the user login determination unit 305 may each be implemented by a central processing unit (CPU), a microprocessor unit (MPU), a digital signal processor (DSP) or a field programmable gate array (FPGA) located on the server terminal; the random code generation unit 306, the login request sending unit 307 and the random code information sending unit 308 may each be implemented by a CPU, MPU, DSP or FPGA located on the mobile terminal.

To implement the above method, an embodiment of the present invention further provides a mobile terminal client identity authentication system. As shown in Figure 4, the system includes a mobile terminal client, a server and a third-party device, wherein:

The mobile terminal client is configured to generate a random code from the login information entered by the user; it is also configured to send a login request whose content is the user's login account and password to the server, and to send an information request whose content is the random code to the third-party device;

The server is configured to bind the user's login account to a mobile terminal number; after receiving a login request, to verify the login information comprising the user's login account and password and, once verification passes, to obtain the mobile terminal number bound to the user's login account; and to detect whether the third-party device has received information whose content is the random code sent by the mobile terminal number, and determine from the detection result whether to allow the user to log in;

The third-party device is configured to respond to the information request and to notify the mobile terminal client to send information whose content is the random code to the server.

Here, the mobile terminal client is specifically configured to use DSA to generate the random code, where the DSA is at least one of the asymmetric encryption algorithms.

Here, the third-party device is determined by the form in which the information whose content is the random code is sent. For example: when the information is sent as an SMS by calling the SMS gateway sending service of a mobile terminal such as a mobile phone, the third-party device is an SMS gateway; when the information is sent as an MMS by calling a multimedia gateway sending service, the third-party device is an MMS gateway; when the information is sent as a WeChat message by calling a WeChat gateway sending service, the third-party device is a WeChat gateway. No specific limitation is made here.

As shown in Figure 4, the mobile terminal client includes a random code generation unit 402, a login request sending unit 403, a random code information sending unit 404 and a verification result accepting unit 409; the server includes an account number binding unit 401, a login information verification unit 405, a binding number acquisition unit 406, a random code information detection unit 407 and a verification result feedback unit 408, wherein:

The account number binding unit 401 is configured to bind the user's login account to a mobile terminal number;

The random code generation unit 402 is configured so that the mobile terminal client generates the random code from the login information entered by the user;

The login request sending unit 403 is configured so that, after the random code generation unit 402 generates the random code, the mobile terminal client sends a login request whose content is the user's login account and password to the server;

The random code information sending unit 404 is configured to send, after the random code generation unit 402 generates the random code, an information request whose content is the random code to the third-party device; the third-party device responds to the information request and notifies the mobile terminal client to send information whose content is the random code to the server;

The login information verification unit 405 is configured to verify, after a login request is received, the login information comprising the user's login account and password;

The binding number acquisition unit 406 is configured to obtain, after the login information verification unit 405 passes the verification, the mobile terminal number bound to the user's login account;

The random code information detection unit 407 is configured to detect whether the third-party device has received information whose content is the random code sent by the mobile terminal number;

The verification result feedback unit 408 is configured to send the detection result to the mobile terminal client;

The verification result accepting unit 409 is configured to confirm the legitimacy of the user's identity from the returned detection result, so as to decide whether to allow the user to log in.

The embodiment of the present invention binds the user's login account to a mobile phone number; after receiving a login request, it verifies the login information comprising the user's login account and password and, once verification passes, obtains the mobile terminal number bound to the user's login account; it then detects whether information whose content is the random code, sent by the mobile terminal number, has been received, and determines from the detection result whether to allow the user to log in; the random code is generated from the login information. The embodiment only needs to establish the binding between the mobile terminal number and the user's login account, which improves the portability and ease of use of the mobile terminal client application. In addition, the identity authentication steps of the mobile terminal client combine static verification and dynamic verification, that is, double authentication. This not only ensures that the mobile terminal client the user logs in from is the same as the mobile terminal client used by the mobile terminal number bound to the user, but also addresses security vulnerabilities such as forged signatures and password cracking, greatly improving the security of user information.

Beyond this, the embodiment of the present invention does not require the user to receive an invitation code: the back-end gateway can complete the authentication of the user's login identity automatically and intelligently through the third-party device, reducing the user's operation steps, shortening the authentication time and giving the user a better experience.

Those skilled in the art should understand that the embodiments of the present invention may be provided as a method, a system or a computer program product. Accordingly, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage and optical storage) that contain computer-usable program code.

The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instruction means implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

The above are only preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (10)

1. A mobile terminal client identity authentication method, characterized in that a user login account is bound to a mobile terminal number; the method further comprises:
after receiving a login request, verifying login information comprising the user login account and a password, and, after the verification passes, obtaining the mobile terminal number bound to the user login account;
detecting whether information whose content is a random code, sent by the mobile terminal number, has been received, and determining according to the detection result whether to allow the user to log in;
wherein the random code is generated according to the login information.

2. The method according to claim 1, characterized in that the random code is generated by the mobile terminal client according to the login information entered by the user;
after the random code is generated, the method further comprises: sending, by the mobile terminal client, a login request whose content is the user login account and password to the server, and sending an information request whose content is the random code to a third-party device; the third-party device responds to the information request and notifies the mobile terminal client to send information whose content is the random code to the server.

3. The method according to claim 1 or 2, characterized in that generating the random code comprises: using the digital signature algorithm DSA to generate the random code, wherein the DSA is at least one of the asymmetric encryption algorithms.

4. The method according to claim 2, characterized in that determining according to the detection result whether to allow the user to log in comprises:
monitoring, on the third-party device, whether there is information whose content is the random code sent by the mobile terminal number bound to the user login account; if so, feeding the monitoring result back to the mobile terminal client, determining that the user's identity authentication has passed, and allowing the user to log in; otherwise, feeding the monitoring result back to the mobile terminal client, determining that the user's identity authentication has not passed, and not allowing the user to log in.

5. A mobile terminal client identity authentication apparatus, characterized in that the apparatus comprises: an account number binding unit, a login information verification unit, a binding number acquisition unit, a random code information detection unit and a user login determination unit; wherein
the account number binding unit is configured to bind a user login account to a mobile terminal number;
the login information verification unit is configured to verify, after a login request is received, login information comprising the user login account and a password;
the binding number acquisition unit is configured to obtain, after the login information verification unit passes the verification, the mobile terminal number bound to the user login account;
the random code information detection unit is configured to detect whether information whose content is a random code, sent by the mobile terminal number, has been received;
the user login determination unit is configured to determine, according to the detection result of the random code information detection unit, whether to allow the user to log in;
wherein the random code is generated according to the login information.

6. The apparatus according to claim 5, characterized in that the apparatus further comprises: a random code generation unit, a login request sending unit and a random code information sending unit; wherein
the random code generation unit is configured so that the mobile terminal client generates the random code according to the login information entered by the user;
the login request sending unit is configured so that, after the random code generation unit generates the random code, the mobile terminal client sends a login request whose content is the user login account and password to the server;
the random code information sending unit is configured to send, after the random code generation unit generates the random code, an information request whose content is the random code to a third-party device; the third-party device responds to the information request and notifies the mobile terminal client to send information whose content is the random code to the server.

7. The apparatus according to claim 5 or 6, characterized in that the random code generation unit is specifically configured to: use the digital signature algorithm DSA to generate the random code, wherein the DSA is at least one of the asymmetric encryption algorithms.

8. The apparatus according to claim 6, characterized in that the user login determination unit is specifically configured to:
monitor, on the third-party device, whether there is information whose content is the random code sent by the mobile terminal number bound to the user login account; if so, feed the monitoring result back to the mobile terminal client, determine that the user's identity authentication has passed, and allow the user to log in; otherwise, feed the monitoring result back to the mobile terminal client, determine that the user's identity authentication has not passed, and not allow the user to log in.

9. A mobile terminal client identity authentication system, characterized in that the system comprises: a mobile terminal client, a server and a third-party device; wherein
the mobile terminal client is configured to generate a random code according to the login information entered by the user; and is further configured to send a login request whose content is the user login account and password to the server, and to send an information request whose content is the random code to the third-party device;
the server is configured to bind the user login account to a mobile terminal number; after receiving the login request, to verify the login information comprising the user login account and password, and, after the verification passes, to obtain the mobile terminal number bound to the user login account; and to detect whether the third-party device has received information whose content is the random code sent by the mobile terminal number, and determine according to the detection result whether to allow the user to log in;
the third-party device is configured to respond to the information request and to notify the mobile terminal client to send information whose content is the random code to the server.

10. The system according to claim 9, characterized in that the mobile terminal client is specifically configured to: use the digital signature algorithm DSA to generate the random code, wherein the DSA is at least one of the asymmetric encryption algorithms.
CN201610658158.7A 2016-08-11 2016-08-11 A kind of mobile terminal client terminal identity identifying method, device and system Pending CN107733838A (en)


Publications (1)

Publication Number Publication Date
CN107733838A (en) 2018-02-23

CN109040070A (en) Document sending method, equipment and computer readable storage medium
CN111800377A (en) A mobile terminal identity authentication system based on secure multi-party computing
CN103905400A (en) Service authentication method, apparatus and system
CN105701423A (en) Data storage method and device applied to cloud payment transactions
CN106130971A (en) Identity identifying method and certificate server
CN106789924A (en) The method and system that a kind of digital certificate protection web site of use mobile terminal is logged in
CN105516054B (en) Method and device for user authentication
CN105933876A (en) Counterfeit short message identification method, mobile phone terminal, server, and system
CN113824628B (en) User identity authentication method, device, server and storage medium based on IM
CN103312678B (en) A kind of client security login, Apparatus and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180223